
Layer 2 person spoofing and impostor syndrome

Bea Hughes
November 22, 2017

For Bsides Wellington in New Zealand, November 2017

"Impostor syndrome, a concept describing individuals who are marked by an inability to internalize their accomplishments and a persistent fear of being exposed as a "fraud"."

Transcript

  1. Layer 2 person spoofing
    and impostor syndrome
    % sudo ifconfig en0 ether 78:4f:43:69:1b:10 \
    && ifconfig en0 | head -3
    en0: flags=8863 mtu 1500
    ether 78:4f:43:69:1b:10
    inet 10.100.1.219 netmask 0xfffffc00 broadcast 10.100.3.255
    Thanks hotspot.nzwireless.co.nz
    @benjammingh for BsidesNZ 1


  2. Who's this clown? (1/2) 2
    • Security Engineer at Stripe.
    • Infrastructure security at Etsy.
    • Operations engineer at Puppet.
    • Two time sponsor of Wrong Island Con.
    2 https://twitter.com/skullmandible/status/411281851131523072

  3. Who's this whingeing pom? (2/2)
    • Knows how to pronounce "router".
    • Is delighted to be back here enjoying the 300/400ms latency on
    everything.
    • Has had his Instagramme stuck giving him NZ ads for the past 3
    months. (if you know how to fix this, please help me!)

  4. is heaps better than
    Obviously.

  5. is also better than both

  6. But first!

  7. A trigger warning

  8. This talk is about
    Vulnerabilities

  9. vulnerability |vʌln(ə)rəˈbɪlɪti|
    noun (plural vulnerabilities) [mass noun]
    the quality or state of being exposed to the possibility of being
    attacked or harmed, either physically or emotionally: conservation
    authorities have realized the vulnerability of the local population

  10. the quality or state of being exposed
    to the possibility of being attacked
    or harmed, either physically or
    emotionally

  11. So if you're looking for 0-day, you
    may be in the wrong room.

  12. Impostor syndrome!

  13. Impostor syndrome is when high-
    achieving individuals are marked by
    an inability to internalise their
    accomplishments & a persistent fear
    of being exposed as a "fraud"
    — clinical psychologists Dr. Pauline R. Clance & Suzanne A. Imes

  14. "Am I even qualified to give this
    talk?"
    — Me, earlier today, proving that I probably am.

  15. "But everyone has this, no?"

  16. OCD
    vs.
    Actually liking things to be tidy

  17. Exemplum!


  18. @benjammingh for BsidesNZ 18


  19. "I am going to be discovered and
    fired..."
    — Me, then.

  20. THIS IS DUCKING DEPRESSING

  21. It makes it real hard to do good work

  22. Which then just perpetuates itself

  23. Which leads to burnout...

  24. @benjammingh for BsidesNZ 24



  25. @benjammingh for BsidesNZ 25


  26. Reality vs. Perception of others
    From https://billwatt.org/the-imposter-syndrome/

  27. @benjammingh for BsidesNZ 27


  28. STORY TIME 2

  29. @benjammingh for BsidesNZ 29


  30. HOLY SHIT WE HAVE DIFFERENT
    EXPERIENCES

  31. (Best (worst) stock photo ever?)

  32. Impostor syndrome can be a sign
    that you're about to learn awesome
    things.

  33. It can be a sign you have a lot of
    knowledge to share too!

  34. Straw poll
    How many people have you heard of getting
    fired due to knowing nothing?
    How many people have you heard of having
    impostor syndrome?

  35. So why do our brains make this
    trade off?

  36. Ego?

  37. Did I mention I work in security?

  38. Infosec problems (including but not limited to)
    • Has attackers. Coders have bugs, ops people have, well, the world.
    There are real humans attacking you trying to break your shit.*
    • There are very clear win/lose stakes.
    • Especially in the con scene, a lot of posturing.
    • DefCon still exists (;
    * Assume blue team here, I know...

  39. ...which leads to
    • people not showing their vulnerabilities (not that kind).
    • people not admitting they don't know something out of fear.
    • people burning out and leaving the industry.
    • Infosec not being the most diverse and inclusive industry.

  40. "well don't think of yourself as an
    imposter, think of yourself as not a
    psychopath."
    — Scott Roberts

  41. "One of the best things I've done for
    myself lately: created a doc where I
    copy-paste compliments I've goGreat for low days. Try it."
    — Molly Clare

  42. "For passphrases, make them
    something positive and encouraging,
    so every time you have to type them
    in, you feel a little better about the
    world."
    — paraphrased from an Anonymous Canadian

  43. Brains!

  44. Aside: cognitive dissonance

  45. @benjammingh for BsidesNZ 45


  46. What can you do as an organisation?

  47. Acknowledge it!

  48. It's okay to say what's okay

  49. From The Recurse Center

  50. Obligatory reference to blameless
    postmortems as I'm contractually
    bound to by Etsy

  51. Praise others, because they may feel
    this too.

  52. Tip for praise: Don't personalize. For
    the same reason you wouldn't say
    "You're a dumbass," don't just say
    "You're a genius."
    — @candor 5
    5 Blameless praise! from Slack's great article on giving feedback

  53. Stop the nerd snipe, even if it's good
    intentioned

  54. Your culture often affects people in
    seemingly invisible ways

  55. Just don't go too far (;
    Dunning–Kruger effect

  56. Let's hope I'm on track for time!
    • be understanding to people, this is hard.
    • be kind to yourself, even if you're a jerk like me.
    • seek help if you can (friends, therapists, coworkers)

  57. This affects people differently
    • Confidence sadly often comes with privilege.
    • As does arrogance.

  58. Mess of links that will be useful when I tweet the URL to this
    slidedeck
    • Impostor Syndrome in DFIR - Scott Roberts' fantastic piece on
    the topic.
    • Allowed To Apply - blog on telling yourself you can do this.
    • How to get a promotion
    • Blue Hackers - site on mental health in the tech community and
    how to help.

  59. If this sounds like an environment
    you'd like to work in, come talk to
    me about
    Jobs at Stripe

  60. Ta
    • My blog post on the subject
    • Fax: +1 (415) 484-7239
    • Twidder: @benjammingh
    • SpeakerDeck: speakerdeck.com/barnbarn